- From: Mark Baker <distobj@acm.org>
- Date: Mon, 1 Jul 2002 11:39:21 -0400
- To: "Champion, Mike" <Mike.Champion@SoftwareAG-USA.com>
- Cc: www-ws-arch@w3.org
On Mon, Jul 01, 2002 at 09:01:31AM -0600, Champion, Mike wrote: > Am I missing something? Is > there any reason we can't move ahead with a SOAP-based mechanism to define > the WSA? Yes. HTTP GET. It can't carry SOAP envelopes or headers. So WS-Security, for example, can only be used to secure a SOAP response to an HTTP GET. It's therefore not a complete solution, because the GET can be compromised. The other major reason why we can't proceed this way, is that many aspects of the architecture, and the extensions that we define, will depend upon the architectural style in use. For example, see HTTPR as a proposed solution for reliability. It completely disregards the state transfer based architecture of the Web, and as a result, is a really poor solution for it. MB -- Mark Baker, CTO, Idokorro Mobile (formerly Planetfred) Ottawa, Ontario, CANADA. distobj@acm.org http://www.markbaker.ca http://www.idokorro.com
Received on Monday, 1 July 2002 11:28:34 UTC